[tor-commits] [tor/master] dos: Add HS DoS INTRO2 rejected stats in heartbeat

dgoulet at torproject.org dgoulet at torproject.org
Wed Nov 6 15:34:03 UTC 2019


commit e85f86bb7b676435b2eb11006f111f6e45b8d252
Author: David Goulet <dgoulet at torproject.org>
Date:   Thu Oct 31 13:57:14 2019 -0400

    dos: Add HS DoS INTRO2 rejected stats in heartbeat
    
    The DoS heartbeat now contains the number of rejected INTRODUCE2 cells that
    the relay has seen.
    
    Closes #31371
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 src/core/or/dos.c       | 13 +++++++++++--
 src/feature/hs/hs_dos.c |  7 +++++++
 src/feature/hs/hs_dos.h |  3 +++
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index 5f9bbf90a..8cfea910b 100644
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -15,6 +15,7 @@
 #include "core/or/channel.h"
 #include "core/or/connection_or.h"
 #include "core/or/relay.h"
+#include "feature/hs/hs_dos.h"
 #include "feature/nodelist/networkstatus.h"
 #include "feature/nodelist/nodelist.h"
 #include "feature/relay/routermode.h"
@@ -629,6 +630,7 @@ dos_log_heartbeat(void)
   char *cc_msg = NULL;
   char *single_hop_client_msg = NULL;
   char *circ_stats_msg = NULL;
+  char *hs_dos_intro2_msg = NULL;
 
   /* Stats number coming from relay.c append_cell_to_circuit_queue(). */
   tor_asprintf(&circ_stats_msg,
@@ -654,17 +656,24 @@ dos_log_heartbeat(void)
                  num_single_hop_client_refused);
   }
 
+  /* HS DoS stats. */
+  tor_asprintf(&hs_dos_intro2_msg,
+               " %" PRIu64 " INTRODUCE2 rejected.",
+               hs_dos_get_intro2_rejected_count());
+
   log_notice(LD_HEARTBEAT,
-             "DoS mitigation since startup:%s%s%s%s",
+             "DoS mitigation since startup:%s%s%s%s%s",
              circ_stats_msg,
              (cc_msg != NULL) ? cc_msg : " [cc not enabled]",
              (conn_msg != NULL) ? conn_msg : " [conn not enabled]",
-             (single_hop_client_msg != NULL) ? single_hop_client_msg : "");
+             (single_hop_client_msg != NULL) ? single_hop_client_msg : "",
+             (hs_dos_intro2_msg != NULL) ? hs_dos_intro2_msg : "");
 
   tor_free(conn_msg);
   tor_free(cc_msg);
   tor_free(single_hop_client_msg);
   tor_free(circ_stats_msg);
+  tor_free(hs_dos_intro2_msg);
   return;
 }
 
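Review bot: The new trailing `%s` always prints a number, so a heartbeat reading `0 INTRODUCE2 rejected.` looks the same whether no cell was ever dropped or the INTRODUCE2 defense was not in effect on this relay, whereas the cc and conn fields on the same line print `[cc not enabled]` / `[conn not enabled]` in that situation. If hs_dos.c can report whether the defense is active (not visible in this diff), the message should be built only in that case and the fallback string should say the defense is off rather than being `""`. As a smaller style point, the `(hs_dos_intro2_msg != NULL) ? hs_dos_intro2_msg : ""` guard is inconsistent with `circ_stats_msg`, which is filled by the same unconditional `tor_asprintf()` call and passed unguarded; pick one form for both. dos_log_heartbeat() starts above this hunk, so the handling of the other messages is only partly visible.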
diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c
index 81041475e..d36ee97e6 100644
--- a/src/feature/hs/hs_dos.c
+++ b/src/feature/hs/hs_dos.c
@@ -206,6 +206,13 @@ hs_dos_can_send_intro2(or_circuit_t *s_intro_circ)
   return true;
 }
 
+/* Return rolling count of rejected INTRO2. */
+uint64_t
+hs_dos_get_intro2_rejected_count(void)
+{
+  return intro2_rejected_count;
+}
+
 /* Initialize the onion service Denial of Service subsystem. */
 void
 hs_dos_init(void)
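Review bot: The comment `/* Return rolling count of rejected INTRO2. */` does not say over what window the count rolls, while the heartbeat that consumes this getter labels the value "since startup". `intro2_rejected_count` is declared and updated outside this hunk, so whether it is ever reset cannot be confirmed from here. If it is never reset, the comment would be clearer as `/* Return the number of INTRODUCE2 cells rejected by the HS DoS defenses since startup. */`; if it is reset anywhere, the heartbeat wording in dos.c is the one to correct, since operators read that line to judge whether an onion service is under attack.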
diff --git a/src/feature/hs/hs_dos.h b/src/feature/hs/hs_dos.h
index ccf4e2717..b9e39aca4 100644
--- a/src/feature/hs/hs_dos.h
+++ b/src/feature/hs/hs_dos.h
@@ -24,6 +24,9 @@ void hs_dos_consensus_has_changed(const networkstatus_t *ns);
 bool hs_dos_can_send_intro2(or_circuit_t *s_intro_circ);
 void hs_dos_setup_default_intro2_defenses(or_circuit_t *circ);
 
+/* Statistics. */
+uint64_t hs_dos_get_intro2_rejected_count(void);
+
 #ifdef HS_DOS_PRIVATE
 
 #ifdef TOR_UNIT_TESTS




